In this work we relate the deterministic complexity of factoring polynomials (over finite fields) to certain combinatorial objects we call $m$-schemes. We extend the known conditional deterministic subexponential time polynomial factoring algorithm for finite fields to get an underlying $m$-scheme. We demonstrate how the properties of $m$-schemes relate to improvements in the deterministic complexity of factoring polynomials over finite fields assuming the generalized Riemann Hypothesis (GRH). In particular, we give the first deterministic polynomial time algorithm (assuming GRH) to find a nontrivial factor of a polynomial of prime degree $n$ where $(n-1)$ is a smooth number.
1 Introduction

We consider the classical problem of finding a nontrivial factor of a given polynomial over a finite field. This problem has various randomized polynomial time algorithms - Berlekamp [Ber67], Cantor and Zassenhaus [CZ81], von zur Gathen and Shoup [GS92], Kaltofen and Shoup [KS98] - but its deterministic complexity is a longstanding open problem. In this paper we study the deterministic complexity of the problem assuming the generalized Riemann Hypothesis (GRH). The assumption of GRH in this paper is needed only to find primitive $r$-th nonresidues in a finite field $\mathbb{F}_q$ which are in turn used to find a root $x$ (if it exists in $\mathbb{F}_q$) of "special" polynomials: $x^r - a$ over $\mathbb{F}_q$ (see [Evd89]).

Assuming GRH, there are many deterministic factoring algorithms known but all of them are exponential-time except on special instances. Rónyai [Ró92] showed under GRH that any polynomial $f(x) \in \mathbb{Z}[x]$, such that $\mathbb{Q}[x]/(f)$ is a Galois extension, can be factored modulo $p$ in deterministic polynomial time except for finitely many primes $p$. Rónyai's result generalizes previous results by Huang [Hua91], Evdokimov [Evd89] and Adleman, Manders and Miller [AMM77]. Over special finite fields, Bach, von zur Gathen and Lenstra [BGL01] showed that polynomials over finite fields of characteristic $p$ can be factored in deterministic polynomial time if $\phi_k(p)$ is smooth for some integer $k$, where $\phi_k(x)$ is the $k$-th cyclotomic polynomial. This result generalizes the previous works of Rónyai [Ró89], Mignotte and Schnorr [MS88], von zur Gathen [vzG87], Camion [Cam83] and Moenck [Moe77].

The line of research that we extend in this paper was started by Rónyai [Ró88]. There it was shown how to use GRH to find a nontrivial factor of a polynomial $f(x)$, where the degree $n$ of $f(x)$ has a small prime factor, in deterministic polynomial time. The basic idea of [Ró88], in the case when $n$ is even, was to go to a ring extension $A^{(2)} := \mathbb{F}_q[x_1, x_2]/(f(x_1), f_2(x_1, x_2))$ of $A^{(1)} := \mathbb{F}_q[x_1]/(f(x_1))$, where $f_2(x_1, x_2) := \frac{f(x_2)}{x_2 - x_1}$, and then use the symmetry of $A^{(2)}$ to decompose $A^{(2)}$ under GRH. A decomposition of $A^{(2)}$ gives us a nontrivial factor of $f(x)$ since $n$ is even. [Ró88] showed that this basic idea can be extended to the case when a prime $r \mid n$ but then the deterministic algorithm finds a nontrivial factor of $f(x)$ in time $\mathrm{poly}(\log q, n^r)$. The $n^r$ dependence appears in the complexity estimate because this is roughly the dimension of the algebras, like:

$$\mathbb{F}_q[x_1, \dots, x_r]/(f(x_1), \dots, f_r(x_1, \dots, x_r)) \qquad (1)$$

in which the algorithm does computation. Naively, it would seem that this algorithm will take time $\mathrm{poly}(\log q, n^n)$ in the worst case (for example when $n$ is a prime). But Evdokimov [Evd94] showed that Rónyai's algorithm can be modified such that it is enough to work with algebras like (1) with $r = \log n$, thus, polynomial factoring can be done deterministically in time $\mathrm{poly}(\log q, n^{\log n})$ under GRH.

We extend Evdokimov's algorithm and show that our algorithm has an underlying natural combinatorial structure that we call an $m$-scheme (a generalization of superschemes introduced by Smith [Smi94]). An $m$-scheme on $n$ points is, roughly speaking, a partition $\mathcal{P}$ of the set $[n]^m$, where $[n]$ denotes the set $\{1, \dots, n\}$:

$$[n]^m = \bigcup_{P \in \mathcal{P}} P$$

that satisfies certain "natural" properties (defined in Section 2). There is an abundance of examples of $m$-schemes in algebraic combinatorics:

• a regular graph on $n$ vertices is an example of a 2-scheme on $n$ points,

• a strongly regular graph on $n$ vertices is an example of a 3-scheme on $n$ points,

• an association scheme (see [Zie]) gives rise to a 3-scheme and vice-versa. See Section 2.2 for these kinds of examples.

• $n$-schemes on $n$ points always arise from groups. See Section 2.3 for constructing them from groups and [Smi94] for the converse. This important example suggests that $m$-schemes can be considered as a generalization of finite groups.

• curiously enough, $m$-schemes on $n$ points also appear when the $(m-1)$-dimensional Weisfeiler-Lehman method for graph isomorphism is applied to a graph on $n$ vertices, see [CFI92].

The $m$-schemes that appear in our polynomial factoring algorithm possess a special structure and we believe that their properties can be exploited to get a deterministic and efficient polynomial factoring algorithm (under GRH). We demonstrate that this belief in fact works in several cases.

It is a standard result that to solve polynomial factoring it is enough to factor polynomials that split completely over prime fields (see Berlekamp [Ber67, Ber70] and Zassenhaus [Zas69]). Thus, we will assume in this paper that the input polynomial $f(x)$ of degree $n$ has $n$ distinct roots in $\mathbb{F}_p$ for some prime $p$. Our algorithm for factoring $f(x)$ constructs an $r$-scheme on the $n$ roots while working in the algebra of Equation (1), over a suitable $\mathbb{F}_q \supseteq \mathbb{F}_p$. We give several results in this work showing how to utilise the properties of these underlying $r$-schemes to efficiently find a nontrivial factor of $f(x)$.

The paper is organized as follows. We formally define $m$-schemes in Section 2 and exhibit two important examples. In Section 3 we introduce our framework of the tensor powers $A^{\otimes m}$ of the algebra $A := \mathbb{F}_p[x]/(f(x))$ and present our algorithm that constructs an underlying $m$-scheme, on the $n$ roots of $f(x)$, while working in $A^{\otimes m}$. In Section 4 we show how to interpret Evdokimov's subexponential algorithm in our framework of $m$-schemes and give a conjecture about the structure of $m$-schemes which if true would make our algorithm deterministic polynomial time under GRH. We also prove the conjecture in the important example of $m$-schemes arising from groups. In Section 5 we show that our framework of $m$-schemes finds a nontrivial factor of $f(x)$ in deterministic polynomial time under GRH if $n$ is a prime and $(n-1)$ is smooth. In Section 6 we show that the levels $r$ (as in Equation (1)) in Evdokimov's algorithm can be reduced to a constant fraction of $\log n$ using properties of $m$-schemes. In Section 7 we introduce a concept of primitivity in $m$-schemes, inspired from the connectivity of graphs, and give some hints how it could improve the factoring algorithm.

2 Introducing m-schemes

In this section we define special partitions of the set $[n]^m$ that we call $m$-schemes on $n$ points. These combinatorial objects are closely related to superschemes which were first defined by [Smi94].

2.1 Basic definitions

Let $V = \{v_1, \dots, v_n\}$ be a set of $n$ distinct elements. For $1 \le s \le n$, define the set of $s$-tuples:

$$V^{(s)} := \{(v_{i_1}, \dots, v_{i_s}) \in V^s \mid v_{i_1}, \dots, v_{i_s} \text{ are } s \text{ distinct elements of } V\}.$$

If $s > 1$ there are $s$ projections $\pi^s_1, \dots, \pi^s_s : V^{(s)} \to V^{(s-1)}$ given as:

$$\pi^s_i : (v_1, \dots, v_{i-1}, v_i, v_{i+1}, \dots, v_s) \mapsto (v_1, \dots, v_{i-1}, v_{i+1}, \dots, v_s).$$

The symmetric group on $s$ elements $\mathrm{Symm}_s$ acts on $V^{(s)}$ in a natural way by permuting the coordinates of the $s$-tuples. To be more accurate, the action is the following: for $\sigma \in \mathrm{Symm}_s$,

$$(v_1, \dots, v_i, \dots, v_s)^\sigma = (v_{1^\sigma}, \dots, v_{i^\sigma}, \dots, v_{s^\sigma}).$$

For $1 \le m \le n$ an $m$-collection on $V$ is a collection $\Pi$ of partitions $\mathcal{P}_1, \mathcal{P}_2, \dots, \mathcal{P}_m$ of $V^{(1)}, V^{(2)}, \dots, V^{(m)}$ respectively. For $1 \le s \le m$ we denote by $=_{\mathcal{P}_s}$ the equivalence relation on $V^{(s)}$ corresponding to the partition $\mathcal{P}_s$. We call the equivalence classes of $=_{\mathcal{P}_s}$ colors at level $s$.

We define below some natural properties of collections that are relevant to us. Let $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \dots, \mathcal{P}_m\}$ be an $m$-collection on $V$.

Compatibility: We say that $\Pi$ is compatible at level $1 < s \le m$ if $u, v \in P \in \mathcal{P}_s$ implies that for every $1 \le i \le s$ there exists $Q \in \mathcal{P}_{s-1}$ such that $\pi^s_i(u), \pi^s_i(v) \in Q$. In other words, if two tuples (at level $s$) have the same color then for every projection the projected tuples (at level $s-1$) have the same color as well. It follows that for a class $P \in \mathcal{P}_s$, the sets $\pi^s_i(P) := \{\pi^s_i(u) \mid u \in P\}$, for all $i \in [s]$, are colors in $\mathcal{P}_{s-1}$.

Regularity: We say that $\Pi$ is regular at level $1 < s \le m$ if $u, v \in Q \in \mathcal{P}_{s-1}$ implies that for every $1 \le i \le s$ and for every $P \in \mathcal{P}_s$,

$$\#\{u' \in P \mid \pi^s_i(u') = u\} = \#\{v' \in P \mid \pi^s_i(v') = v\}.$$

We call the tuples in $P \cap (\pi^s_i)^{-1}(u)$ the $\pi^s_i$-fibers of $u$ in $P$. So regularity, in other words, means that the cardinalities of the fibers above a tuple depend only on the color of the tuple.

The above two properties motivate the definition of the subdegree of a color $P$ over a color $Q$ as $\frac{|P|}{|Q|}$ when $\Pi$ is compatible and regular at level $s$ and $\pi^s_i(P) = Q$ for some $i$.

Invariance: An $m$-collection is invariant at level $1 \le s \le m$ if for every $P \in \mathcal{P}_s$ and $\sigma \in \mathrm{Symm}_s$ we have:

$$P^\sigma := \{v^\sigma \mid v \in P\} \in \mathcal{P}_s.$$

In other words, the partitions $\mathcal{P}_1, \dots, \mathcal{P}_m$ are invariant under the action of the corresponding symmetric group.

Homogeneity: We say that the $m$-collection $\Pi$ is homogeneous if $|\mathcal{P}_1| = 1$.

Symmetry: We say that an $m$-collection $\Pi$ is symmetric at level $s$ if for every $P \in \mathcal{P}_s$ and $\sigma \in \mathrm{Symm}_s$, we have $P^\sigma = P$.

Antisymmetry: We say that an $m$-collection $\Pi$ is antisymmetric at level $s$ if for every $P \in \mathcal{P}_s$ and $1 \ne \sigma \in \mathrm{Symm}_s$, we have $P^\sigma \ne P$.

Definition 1. An $m$-collection is called compatible, regular, invariant, symmetric, or antisymmetric if it is at every level $1 \le s \le m$ compatible, regular, invariant, symmetric, or antisymmetric respectively.

An $m$-collection is called an $m$-scheme if it is compatible, regular and invariant.

We should remark that the $m$-schemes that appear in our factoring algorithm are homogeneous and antisymmetric as well. Let us now see some easily describable examples of $m$-schemes.

2.2 Example: 3-schemes from coherent configurations

Coherent configurations are standard combinatorial objects that have strongly regular graphs as examples (see [Came99]). Recall that a coherent configuration is just a 2-scheme $\{\mathcal{P}_1, \mathcal{P}_2\}$ that also has a composition property:

Composition: For any $P_i, P_j, P_k \in \mathcal{P}_2$ and an $(\alpha, \beta) \in P_k$ the number:

$$\#\{\gamma \in V \mid (\alpha, \gamma) \in P_i \text{ and } (\gamma, \beta) \in P_j\}$$

is independent of which tuple $(\alpha, \beta)$ in $P_k$ we chose. In other words, the relations $P_i$ and $P_j$ can be "composed" to get a bigger relation that is just a "linear combination" of the relations in $\mathcal{P}_2$.

In the literature a homogeneous coherent configuration is usually called an association scheme. In this paper we do not enforce symmetricity or antisymmetricity in the definition of an association scheme. Coherent configurations and 3-schemes are similar notions.

From a coherent configuration $\{\mathcal{P}_1, \mathcal{P}_2\}$ we can define a partition $\mathcal{P}_3$ on the triples such that for any two triples $(u_1, u_2, u_3)$ and $(v_1, v_2, v_3)$ we have:

$$(u_1, u_2, u_3) =_{\mathcal{P}_3} (v_1, v_2, v_3) \text{ if and only if } (u_1, u_2) =_{\mathcal{P}_2} (v_1, v_2),\ (u_1, u_3) =_{\mathcal{P}_2} (v_1, v_3),\ (u_2, u_3) =_{\mathcal{P}_2} (v_2, v_3).$$

It follows that for $P \in \mathcal{P}_3$, the cardinality $\#\{u_3 \in V \mid (u_1, u_2, u_3) \in P\}$ of the $\pi^3_3$-fibers of $(u_1, u_2)$ in $P$ is exactly $\#\{u_3 \in V \mid (u_1, u_3) \in \pi^3_2(P) \text{ and } (u_2, u_3) \in \pi^3_1(P)\}$ and thus regularity at level 3 is equivalent to the composition property of $\{\mathcal{P}_1, \mathcal{P}_2\}$. It is easy to show that $\{\mathcal{P}_1, \mathcal{P}_2, \mathcal{P}_3\}$ also satisfies compatibility and invariance, thus, it is a 3-scheme. Similarly, a converse can be shown:

Lemma 2. If $\Pi = \{\mathcal{P}_1, \mathcal{P}_2, \mathcal{P}_3\}$ is a homogeneous 3-scheme then $\{\mathcal{P}_1, \mathcal{P}_2\}$ is an association scheme.

Proof. By the hypothesis we already have that $\{\mathcal{P}_1, \mathcal{P}_2\}$ is a homogeneous 2-scheme. Thus, we only need to show the composition property. Let $P_i, P_j, P_k \in \mathcal{P}_2$ and let $(\alpha, \beta) \in P_k$. Then by compatibility at level 3 there exists a subset $S \subseteq \mathcal{P}_3$ such that the set:

$$\{\gamma \in V \mid (\alpha, \gamma) \in P_i, (\gamma, \beta) \in P_j\}$$

can be partitioned as:

$$\bigcup_{P \in S} \{\gamma \in V \mid (\alpha, \gamma) \in P_i, (\gamma, \beta) \in P_j, (\alpha, \gamma, \beta) \in P\}$$

which again by the compatibility of $\Pi$ at level 3 is:

$$\bigcup_{P \in S} \{\gamma \in V \mid (\alpha, \gamma, \beta) \in P\}$$

now by the regularity of $\Pi$ at level 3 the size of the above sets is simply $\sum_{P \in S} \frac{|P|}{|P_k|}$ which is independent of the choice of $(\alpha, \beta)$. Thus, $\{\mathcal{P}_1, \mathcal{P}_2\}$ has the composition property. □



2.3 Example: orbit schemes

Permutation groups provide a host of examples (see [Smi94]). Let $G \le \mathrm{Symm}_V$ be a permutation group. The orbits of $G$ on the $s$-tuples ($1 \le s \le m \le n$) give an $m$-scheme. More formally, define the partition $\mathcal{P}_s$ as: for any two $s$-tuples $(u_1, \dots, u_s)$ and $(v_1, \dots, v_s)$ in $V^{(s)}$, $(u_1, \dots, u_s) =_{\mathcal{P}_s} (v_1, \dots, v_s)$ iff $\exists \sigma \in G$, $(\sigma(u_1), \dots, \sigma(u_s)) = (v_1, \dots, v_s)$. It is easy to see that these partitions naturally satisfy the compatibility, regularity and invariance properties and hence form an $m$-scheme. We call $m$-schemes arising in this way orbit $m$-schemes.

The orbit scheme is homogeneous if and only if $G$ is transitive. Furthermore, assume that $G$ is transitive and for some integer $m \le n$, $\gcd(m!, |G|) = 1$. Then the corresponding orbit $m$-scheme is a homogeneous antisymmetric $m$-scheme. Our attention to this class of examples has been drawn by D. Pasechnik.

At the moment, we are not aware of any other examples of homogeneous antisymmetric $m$-schemes with $m \to \infty$. The homogeneous antisymmetric $m$-schemes are the ones that arise in our factoring algorithm and we do believe that their parameters satisfy more stringent conditions than the general $m$-schemes. For a conjecture along these lines see Section 4.1.

2.4 Difference between various notions of schemes

The term schemes arises in the mathematical literature in many contexts. Our $m$-schemes should not be confused with the notion of schemes in algebraic geometry. However, our $m$-schemes are closely related to association schemes, superschemes (Smith [Smi94]) and height $t$ presuperschemes (Wojdylo [Woj01]). Smith's superschemes are $m$-schemes that also satisfy a suitable higher dimensional generalization of the composition property. It is not difficult to see that a superscheme on $n$ points is just an $n$-scheme on $n$ points. Wojdylo's height $t$ presuperscheme consists of the bottom $t$ levels of a superscheme. In particular, a level presuperscheme is just an association scheme. It can be shown that a height $t$ presuperscheme on $n$ points consists just of the first $(t+2)$ levels of a $(t+3)$-scheme on $n$ points.

3 Decomposition of tensor powers of algebras

In this section we describe our polynomial factoring algorithm and simultaneously show how $m$-schemes appear in the algorithm. Recall that in the input we are given a polynomial $f(x) \in \mathbb{F}_p[x]$ of degree $n$ having distinct roots $\alpha_1, \dots, \alpha_n$ in $\mathbb{F}_p$. For any extension field $k$ of $\mathbb{F}_p$ we have the natural associated algebra $A := k[X]/(f(X))$. Note that $A$ is a completely split semisimple $n$-dimensional algebra over the field $k$, i.e. $A$ is isomorphic to $k^n$, the direct sum of $n$ copies of the one-dimensional $k$-algebra $k$. We interpret $A$ as the set of functions:

$$V := \{\alpha_1, \dots, \alpha_n\} \to k$$

equipped with the pointwise operations. Algorithmically, we have $A$ by structure constants with respect to some basis $b_1, \dots, b_n$ (for example, $1, X, \dots, X^{n-1}$) and the problem of factoring $f(X)$ completely can be viewed as finding an explicit isomorphism from $A$ to $k^n$.

How do the factors of $f(X)$ appear in $A$? They appear as zero divisors in $A$. Recall that a zero divisor is a nonzero element $z(X) \in A$ such that $y(X)z(X) = 0$ for some nonzero element $y(X) \in A$. This means that $f(X) \mid y(X) \cdot z(X)$ which implies (by the nonzeroness of $y$ and $z$) that $\gcd(f(X), z(X))$ factors $f(X)$ nontrivially. As the gcd of polynomials can be computed by the deterministic polynomial time Euclidean algorithm, we infer that finding a zero divisor in the factor algebra $k[X]/(f(X))$ is - up to polynomial time deterministic reductions - equivalent to finding a nontrivial divisor of $f(X)$. Furthermore, computing an explicit isomorphism with $k^n$ is equivalent to factoring $f(X)$ completely.
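The reduction just described (zero divisor in $A$ to nontrivial factor of $f$ via the Euclidean algorithm) is carried out below on a small constructed instance. This is an added illustration, not code from the paper: polynomials over $\mathbb{F}_p$ are coefficient lists, the input $f = (X-1)(X-2)(X-3)(X-4)$ over $\mathbb{F}_7$ and the zero divisor $z = (X-1)(X-2)$ are constructed for the example, and the helper names are ours.

```python
# Added example (not from the paper): a zero divisor z in A = F_p[X]/(f(X))
# yields a nontrivial factor of f as gcd(f, z), exactly as Section 3 argues.
# Polynomials over F_p are lists of coefficients, lowest degree first.

def trim(a):
    """Strip zero coefficients of the highest powers; the zero polynomial is [0]."""
    while len(a) > 1 and a[-1] == 0:
        a = a[:-1]
    return a

def poly_mul(a, b, p):
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % p
    return trim(out)

def poly_mod(a, m, p):
    """Remainder of a modulo m over F_p (m need not be monic)."""
    a, m = trim(list(a)), trim(m)
    inv_lead = pow(m[-1], p - 2, p)          # inverse of the leading coefficient in F_p
    while len(a) >= len(m) and a != [0]:
        shift = len(a) - len(m)
        coef = (a[-1] * inv_lead) % p
        for i, mi in enumerate(m):
            a[shift + i] = (a[shift + i] - coef * mi) % p
        a = trim(a)
    return a

def poly_gcd(a, b, p):
    """Monic gcd by the (deterministic, polynomial time) Euclidean algorithm."""
    a, b = trim(list(a)), trim(list(b))
    while b != [0]:
        a, b = b, poly_mod(a, b, p)
    inv = pow(a[-1], p - 2, p)
    return [(c * inv) % p for c in a]

def product_of_linear(roots, p):
    """f(X) = prod (X - alpha): a polynomial that splits completely over F_p."""
    f = [1]
    for alpha in roots:
        f = poly_mul(f, [(-alpha) % p, 1], p)
    return f

def factor_from_zero_divisor(f, z, p):
    """If y*z = 0 in A for some nonzero y, then gcd(f, z) is a nontrivial factor of f."""
    g = poly_gcd(f, z, p)
    assert 0 < len(g) - 1 < len(f) - 1, "gcd is trivial, so z was not a zero divisor"
    return g

def demo(p=7):
    # Constructed input: four distinct roots 1, 2, 3, 4 in F_7.
    f = product_of_linear([1, 2, 3, 4], p)
    z = product_of_linear([1, 2], p)     # as a function on V it vanishes at roots 1, 2
    y = product_of_linear([3, 4], p)     # vanishes at roots 3, 4, so y*z vanishes on all of V
    yz_in_A = poly_mod(poly_mul(y, z, p), f, p)   # y*z reduced modulo f: the zero element of A
    g = factor_from_zero_divisor(f, z, p)
    # A unit of A, e.g. X (nonzero at every root), is not a zero divisor and gives gcd 1.
    unit_gcd = poly_gcd(f, [0, 1], p)
    return yz_in_A, g, unit_gcd
```

In the function interpretation of $A$, $z$ is the function on $V$ supported on $\{3, 4\}$ and $y$ the one supported on $\{1, 2\}$; their product is the zero function, and the gcd recovers $(X-1)(X-2)$, the factor whose roots are where $z$ vanishes.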



How are the ideals of $A$ related to the roots of $f(x)$? Let $I$ be an ideal of $A$. The support of $I$, $\mathrm{Supp}(I)$, is defined as

$$\mathrm{Supp}(I) := V \setminus \{v \in V \mid a(v) = 0 \text{ for every } a \in I\}$$

Conversely, for $U \subseteq V$, the ideal $I(U)$ is defined as:

$$I(U) := \{b \in A \mid b(u) = 0 \text{ for every } u \in U\}$$

and $I^\perp(U)$ is the annihilator of $I(U)$:

$$I^\perp(U) := \{a \in A \mid ab = 0 \text{ for every } b \in I(U)\}.$$

It can be easily seen that $\mathrm{Supp}$ is an inclusion preserving bijection from the ideals of $A$ to the subsets of $V$ with inverse map $I^\perp$. In view of this correspondence, partial decompositions of $A$ into sums of pairwise orthogonal ideals correspond to partitions of the set $V$. Let us formulate the above discussion in a lemma.

Lemma 3. If $I_1, \dots, I_t$ are pairwise orthogonal ideals of $A$ such that $A = I_1 + \dots + I_t$ then $V = \mathrm{Supp}(I_1) \cup \dots \cup \mathrm{Supp}(I_t)$.

We now move up to the tensor powers of $A$ and there we show a way of getting the partitions of $V^{(m)}$. For $m \in [n]$, let $A^{\otimes m}$ denote the $m$th tensor power of $A$. $A^{\otimes m}$ is also a completely split semisimple algebra; it is isomorphic to $k^{n^m}$. We again interpret it as the algebra of functions from $V^m$ to $k$. Note that in this interpretation the rank 1 tensor element $h_1 \otimes \dots \otimes h_m$ corresponds to a function $V^m \to k$ that maps $(x_1, \dots, x_m) \mapsto h_1(x_1) \cdots h_m(x_m)$.

The essential part $A^{(m)}$ of $A^{\otimes m}$ is the ideal consisting of the functions which vanish on all the $m$-tuples $(v_1, \dots, v_m)$ with $v_i = v_j$ for some $i \ne j$. Then $A^{(m)}$ can be interpreted as the algebra of functions $V^{(m)} \to k$. We show below that a basis for $A^{(m)}$ can be computed easily and then this is the algebra where our factoring algorithm does computations.

Lemma 4. Given $f(X)$, a polynomial of degree $n$ having $n$ distinct roots in $\mathbb{F}_p$, a basis for $A^{(m)} = (k[X]/(f(X)))^{(m)}$ over $k \supseteq \mathbb{F}_p$ can be computed by a deterministic algorithm in time $\mathrm{poly}(\log p, n^m)$.

Proof. To see this, consider embeddings $\mu_i$ of $A$ into $A^{\otimes m}$ ($i = 1, \dots, m$) given as $\mu_i(a) = 1 \otimes \dots \otimes 1 \otimes a \otimes 1 \otimes \dots \otimes 1$ where $a$ is of course in the $i$-th place. In the interpretation as functions, $\mu_i(A)$ corresponds to the functions on $V^m$ which depend only on the $i$th element in the tuples. Observe that the set, for $1 \le i < j \le m$:

$$A^{\otimes m}_{i,j} := \{b \in A^{\otimes m} \mid (\mu_i(a) - \mu_j(a))b = 0 \text{ for every } a \in A\}$$

is the ideal of $A^{\otimes m}$ consisting of the functions which are zero on every tuple $(v_1, \dots, v_m)$ with $v_i \ne v_j$. Given a basis for $A$, a basis for $A^{\otimes m}_{i,j}$ can be computed by solving a system of linear equations in time polynomial in the dimension of $A^{\otimes m}$ (over $k$) which is $n^m$. Finally, notice that $A^{(m)}$ can be computed as well since it is the annihilator of $\sum_{1 \le i < j \le m} A^{\otimes m}_{i,j}$. □

Remark 5. The algebras $A^{(m)}$ which we are now going to work with have a simple explicit description, for example, $A^{(1)}$ is of course $k[X_1]/(f(X_1))$ and $A^{(2)}$ is nothing but $k[X_1, X_2]/(f(X_1), f_2(X_1, X_2))$ where $f_2(X_1, X_2)$ is a polynomial in $A^{(1)}[X_2]$ defined as $\frac{f(X_2)}{X_2 - X_1}$. Similarly, we can write down an expression for $A^{(m)}$ inductively.

Like the case of $m = 1$, ideals and partial decompositions of $A^{(m)}$ into pairwise orthogonal ideals correspond to subsets and partitions of the set $V^{(m)}$ respectively. If $I$ is an ideal of $A^{(m)}$ then we again define the support of $I$, $\mathrm{Supp}(I)$, as:

$$\mathrm{Supp}(I) := V^{(m)} \setminus \{v \in V^{(m)} \mid a(v) = 0 \text{ for every } a \in I\}$$

Lemma 3 generalizes to:

Lemma 6. For any $s \le n$, if $I_{s,1}, \dots, I_{s,t_s}$ are pairwise orthogonal ideals of $A^{(s)}$ such that $A^{(s)} = I_{s,1} + \dots + I_{s,t_s}$ then $V^{(s)} = \mathrm{Supp}(I_{s,1}) \cup \dots \cup \mathrm{Supp}(I_{s,t_s})$.

Now we will describe our polynomial factoring algorithm that produces $m$-schemes.

Algorithm Description

Input: a degree $n$ polynomial $f(x)$ having $n$ distinct roots in $\mathbb{F}_p$. Given $1 \le m \le n$ we can wlog assume that we also have the smallest field extension $k \supseteq \mathbb{F}_p$ having $s$-th nonresidues for all $s \in [m]$ (computing $k$ will take $\mathrm{poly}(\log p, m^m)$ time under GRH).

Output: a nontrivial factor of $f(x)$ or a homogeneous, antisymmetric $m$-scheme on the $n$ points: $V := \{\alpha \in \mathbb{F}_p \mid f(\alpha) = 0\}$.

Algorithm overview:

We define $A^{(1)} := A = k[x]/(f(x))$ and compute $A^{(s)}$, for all $s \in [m]$, in time $\mathrm{poly}(\log p, n^m)$ (by Lemma 4).

Now observe that $\mathrm{Aut}_k(A^{(s)})$ contains $\mathrm{Symm}_s$. To see this, just note that there is an action of $\mathrm{Symm}_s$ on $A^{(s)}$ as a group of algebra automorphisms; for $\sigma \in \mathrm{Symm}_s$ this action is the linear extension of:

This knowledge of explicit automorphisms of $A^{(s)}$ can be exploited to efficiently decompose these algebras under GRH (see Theorem 2.3 in [Ró92]). Thus, for all $1 < s \le m$ we can compute mutually orthogonal $t_s \ge 2$ ideals $I_{s,i}$ of $A^{(s)}$, such that:

$$A^{(s)} = I_{s,1} + \dots + I_{s,t_s}$$

By Lemma 6 the above decomposition induces partitions $\mathcal{P}_s$ for all $1 < s \le m$ such that:

$$\mathcal{P}_s : V^{(s)} = \mathrm{Supp}(I_{s,1}) \cup \dots \cup \mathrm{Supp}(I_{s,t_s})$$

Thus, together with $\mathcal{P}_1 := \{V\}$ we have an $m$-collection $\Pi := (\mathcal{P}_1, \dots, \mathcal{P}_m)$ on the set $V$.

Now we will show how to refine this $m$-collection to an $m$-scheme using algebraic operations on the ideals $I_{s,i}$ of $A^{(s)}$. To do that, we first need a tool to relate lower level ideals $I_{s-1,i}$ to higher level ideals $I_{s,i'}$. For every $1 < s \le m$, we have $s$ embeddings $\iota^s_j : A^{\otimes (s-1)} \to A^{\otimes s}$ sending $b_{i_1} \otimes \dots \otimes b_{i_{s-1}}$ to $b_{i_1} \otimes \dots \otimes b_{i_{j-1}} \otimes 1 \otimes b_{i_j} \otimes \dots \otimes b_{i_{s-1}}$. Restricting to $A^{(s-1)}$ and multiplying the images of $\iota^s_j$ by the identity element of $A^{(s)}$ we obtain algebra embeddings $A^{(s-1)} \to A^{(s)}$ denoted also by $\iota^s_1, \dots, \iota^s_s$. In the function interpretation, $\iota^s_j(A^{(s-1)})$ is just the set of functions in $A^{(s)}$ which do not depend on the $j$th coordinate of tuples.

Compatibility of the $m$-collection $\Pi$ at level $1 < s \le m$ corresponds to: for every pair of ideals $I_{s-1,i}$ and $I_{s,i'}$ in the decomposition of $A^{(s-1)}$ and $A^{(s)}$ respectively and for every $j \in \{1, \dots, s\}$, the ideal $\iota^s_j(I_{s-1,i}) I_{s,i'}$ can be assumed to be either zero or $I_{s,i'}$. Otherwise we can efficiently compute a subideal of $I_{s,i'}$, hence, refining $I_{s,i'}$ and the $m$-collection $\Pi$.

Regularity of the $m$-collection $\Pi$ at level $1 < s \le m$ corresponds to: for every pair of ideals $I_{s-1,i}$ and $I_{s,i'}$ in the decomposition of $A^{(s-1)}$ and $A^{(s)}$, respectively, and for every $j \in \{1, \dots, s\}$, $\iota^s_j(I_{s-1,i}) I_{s,i'}$ can be assumed to be a free module over $\iota^s_j(I_{s-1,i})$. Otherwise by trying to find a free basis, we can efficiently compute a zero divisor in $I_{s-1,i}$, hence, refining $I_{s-1,i}$ and the $m$-collection $\Pi$.

Compatibility and regularity of $\Pi$ create a natural connection between the ideals of levels $(s-1)$ and $s$, for all $1 < s \le m$. In the case when a pair of ideals $I_{s-1,i}$ and $I_{s,i'}$ in the decomposition of $A^{(s-1)}$ and $A^{(s)}$ respectively satisfies $\iota^s_j(I_{s-1,i}) I_{s,i'} = I_{s,i'}$, $I_{s,i'}$ is a free module over $\iota^s_j(I_{s-1,i})$, which in other words means that the elements in $I_{s,i'}$ can be viewed as univariate polynomials with coefficients in $I_{s-1,i}$. The rank of the free module $I_{s,i'}$ over $\iota^s_j(I_{s-1,i})$ can easily be seen to be equal to the subdegree of $\mathrm{Supp}(I_{s,i'})$ over $\mathrm{Supp}(I_{s-1,i})$.

Invariance of the $m$-collection $\Pi$ at level $1 < s \le m$ may be assumed, since if for some $\sigma \in \mathrm{Symm}_s$ the decomposition of $A^{(s)}$ is not $\sigma$-invariant, then we can find two ideals $I_{s,i}$ and $I_{s,i'}$ such that $I_{s,i}^\sigma \cap I_{s,i'}$ is neither zero nor $I_{s,i'}$, thus, we can efficiently refine $I_{s,i'}$ and the $m$-collection $\Pi$.

Homogeneity of the $m$-collection $\Pi$ corresponds to: the algebra $A^{(1)} = A$ is not in a decomposed form.

Antisymmetricity of the $m$-collection $\Pi$ at level $1 < s \le m$ corresponds to: for any ideal $I_{s,i}$ at level $1 < s \le m$ and for any $\sigma \in \mathrm{Symm}_s \setminus \{\mathrm{id}\}$, we can assume $I_{s,i}^\sigma \ne I_{s,i}$. Otherwise $\sigma$ is an algebra automorphism of $I_{s,i}$ and hence we can find its subideal efficiently under GRH by [Ró92], thus, refining $I_{s,i}$ and the $m$-collection $\Pi$.

Note that invariance and antisymmetricity at level $s$ entail $s! \mid t_s$.

By the observations above: we can keep applying ideal operations in the algebras $A^{(s)}$, $s \in [m]$, till either we get a nontrivial factor of $f(x)$ or the underlying $m$-collection $\Pi$ becomes a homogeneous, antisymmetric $m$-scheme on $n$ points. The time taken by our algorithm is clearly $\mathrm{poly}(\log p, n^m)$.

Remark 7. At this point we are able to reprove Rónyai's result [Ró88]: under GRH, we can deterministically find a nontrivial factor of a degree $n$ polynomial over $\mathbb{F}_p$ in time $\mathrm{poly}(\log p, n^r)$, where $r$ is the smallest prime divisor of $n$. The proof is to algorithmically try constructing an $r$-scheme as above and show by an easy divisibility argument that there exist no homogeneous, antisymmetric $r$-schemes on $n$ points if $r$ is a divisor of $n$. This guarantees that our algorithm will be forced to find a nontrivial factor of $f(x)$.

4 m-schemes in Evdokimov's Algorithm

We saw in the last section how to either find a nontrivial factor of a given $f(x)$ or construct an $m$-scheme on the $n$ roots of $f(x)$. Our aim is to analyse the "bad case" of the algorithm when we get no nontrivial factor but instead we get an antisymmetric, homogeneous $m$-scheme. Can the properties of these $m$-schemes be used to factor $f(x)$? In the rest of the paper we will try to answer that question. Here we start with an exposition of Evdokimov's idea [Evd94] in our framework of $m$-schemes. We show below that [Evd94] exploited the presence of matchings in the $m$-schemes.

Definition 8. A color $P \in \mathcal{P}_s$, for $1 < s \le m$, in an $m$-scheme $\{\mathcal{P}_1, \dots, \mathcal{P}_m\}$ is called a matching if there exist $1 \le i < j \le s$ such that $\pi^s_i(P) = \pi^s_j(P)$ and $|\pi^s_i(P)| = |P|$.

The presence of matchings can be used to efficiently refine the underlying $m$-scheme.

Lemma 9. If the color $P \in \mathcal{P}_s$ is a matching then under GRH we can refine the $m$-scheme $\Pi = \{\mathcal{P}_1, \dots, \mathcal{P}_m\}$ deterministically in time $\mathrm{poly}(\log p, n^m)$.

Proof. Following the notation of the above definition, it is obvious that if color $P$ is a matching then both $\pi^s_i$ and $\pi^s_j$ are bijections, therefore the map $\pi^s_j (\pi^s_i)^{-1}$ is a permutation of $\pi^s_i(P)$. Furthermore, this permutation is nontrivial as $P \subseteq V^{(s)}$. So in the corresponding orthogonal ideals decomposition of $A^{(1)}, \dots, A^{(m)}$, both the maps $\iota^s_i$ and $\iota^s_j$ give isomorphisms $I_{s-1,i'} \to I_{s,\ell}$, where the ideals $I_{s-1,i'}$ and $I_{s,\ell}$ correspond to $\pi^s_i(P)$ and $P$ respectively. This means that the map $(\iota^s_j)^{-1} \iota^s_i$ is a nontrivial automorphism of $I_{s-1,i'}$. It follows from [Ró92] that, assuming GRH, we can obtain a proper decomposition of $I_{s-1,i'}$ and hence refine the $m$-scheme $\Pi$. □

Now we show the idea of [Evd94] to find a matching in $\log_2 n$ levels.

Lemma 10. If the $m$-scheme $\Pi := \{\mathcal{P}_1, \dots, \mathcal{P}_m\}$ on $n$ points is antisymmetric at the second level, $|\mathcal{P}_1| < n$ and $m > \log_2 n$ then there is a matching in $\{\mathcal{P}_1, \dots, \mathcal{P}_m\}$.

Proof. We will give an effective way of finding a matching given such a $\Pi$. Choose $P_1 \in \mathcal{P}_1$ with $d_1 := |P_1| > 1$. It is clear that $Q_2 = P_1^{(2)}$ is a disjoint union of some colors in $\mathcal{P}_2$. Choose a smallest color $P_2 \in \mathcal{P}_2$ with $P_2 \subseteq Q_2$. By the definition of an $m$-scheme: $\pi^2_1(P_2) = \pi^2_2(P_2) = P_1$. Also, by antisymmetry we can infer that $d_2 := \frac{|P_2|}{|P_1|} < d_1/2$. If $d_2 = 1$ then $P_2$ is a matching.

If $d_2 > 1$ then we proceed in the following iterative way. Suppose that, for some $2 < s \le m$, we have already chosen colors $P_1 \in \mathcal{P}_1, \dots, P_{s-1} \in \mathcal{P}_{s-1}$ with $\pi^i_{i-1}(P_i) = \pi^i_i(P_i) = P_{i-1}$ and $1 < d_i := \frac{|P_i|}{|P_{i-1}|} < d_{i-1}/2$ for every $2 \le i \le s-1$. Since $d_{s-1} > 1$, the set $Q_s = \{v \in V^{(s)} \mid \pi^s_{s-1}(v) \in P_{s-1}, \pi^s_s(v) \in P_{s-1}\}$ is nonempty. Let $P_s$ be a smallest class from $\mathcal{P}_s$ with $P_s \subseteq Q_s$. Again antisymmetry implies that $d_s := \frac{|P_s|}{|P_{s-1}|} < d_{s-1}/2$. If $d_s = 1$ then $P_s$ is clearly a matching. Otherwise we proceed to the level $(s+1)$ and further halve the subdegree. This procedure finds a matching in at most $\log_2 d_1 < \log_2 n$ rounds. □

From our algorithm in the last section and the above two lemmas it follows that, under GRH, we can completely factor $f(x)$ deterministically in $\mathrm{poly}(\log p, n^{\log n})$ time. This is the result of Evdokimov [Evd94].

It might be worth noting that in the above Lemma we used antisymmetry (and even invariance) merely at level 2. Indeed, if a compatible and regular $m$-collection $\{\mathcal{P}_1, \dots, \mathcal{P}_m\}$ is antisymmetric at level 2 then for every $1 < s \le m$ and every $s$-element subset $\{v_1, \dots, v_s\} \subseteq V$ we have $(v_1, \dots, v_{s-1}, v_s) \ne_{\mathcal{P}_s} (v_1, \dots, v_s, v_{s-1})$. (This can be seen by projecting to the last two coordinates.)
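The orbit $m$-schemes of Section 2.3, the compatibility, regularity and invariance checks of Section 2.1, the matchings of Definition 8 and the level-by-level descent in the proof of Lemma 10 can all be computed explicitly on small permutation groups. The following is an added example, not code from the paper: the two groups on 7 points (the cyclic group $C_7$ and the Frobenius group $x \mapsto ax + b \bmod 7$ with $a \in \{1, 2, 4\}$, of odd orders 7 and 21) are constructed for the illustration, and the helper names are ours. The function `lemma10_descent` is our implementation of the procedure in the proof of Lemma 10, returning the chain of subdegrees $d_1, d_2, \dots$ and the level at which the subdegree reaches 1.

```python
# Added example (not from the paper): orbit m-schemes of permutation groups,
# the scheme axioms of Section 2.1, matchings (Definition 8) and the descent
# from the proof of Lemma 10. Points are 0..n-1, a permutation g is a tuple
# with g[i] the image of i.
from itertools import permutations

def generate_group(gens):
    """Close a set of permutations under composition (breadth-first)."""
    identity = tuple(range(len(gens[0])))
    group, frontier = {identity}, [identity]
    while frontier:
        g = frontier.pop()
        for h in gens:
            gh = tuple(h[g[i]] for i in range(len(g)))   # apply g, then h
            if gh not in group:
                group.add(gh)
                frontier.append(gh)
    return group

def orbit_scheme(group, m):
    """Level s in 1..m: the G-orbits on s-tuples of distinct points (Section 2.3).
    Returns a dict level -> list of colors, each color a frozenset of tuples."""
    n = len(next(iter(group)))
    scheme = {}
    for s in range(1, m + 1):
        seen, colors = set(), []
        for t in permutations(range(n), s):
            if t not in seen:
                orbit = frozenset(tuple(g[x] for x in t) for g in group)
                seen |= orbit
                colors.append(orbit)
        scheme[s] = colors
    return scheme

def proj(t, i):
    """pi^s_i: drop the i-th coordinate (1-based) of the tuple t."""
    return t[:i - 1] + t[i:]

def color_of(scheme, s, t):
    return next(P for P in scheme[s] if t in P)

def is_m_scheme(scheme):
    """Compatibility, regularity and invariance at every level s > 1."""
    for s in range(2, max(scheme) + 1):
        for P in scheme[s]:
            for i in range(1, s + 1):
                # Compatibility: pi^s_i maps the color P into a single color Q.
                images = {color_of(scheme, s - 1, proj(t, i)) for t in P}
                if len(images) != 1:
                    return False
                # Regularity: fiber sizes above the tuples of Q are all equal.
                Q = next(iter(images))
                fibers = {u: sum(1 for t in P if proj(t, i) == u) for u in Q}
                if len(set(fibers.values())) != 1:
                    return False
            # Invariance: permuting coordinates maps colors onto colors.
            for sigma in permutations(range(s)):
                if frozenset(tuple(t[k] for k in sigma) for t in P) not in scheme[s]:
                    return False
    return True

def is_antisymmetric(scheme, s):
    """No color at level s is fixed by a nontrivial coordinate permutation."""
    for P in scheme[s]:
        for sigma in permutations(range(s)):
            if sigma != tuple(range(s)) and \
                    frozenset(tuple(t[k] for k in sigma) for t in P) == P:
                return False
    return True

def matchings(scheme, s):
    """Colors P at level s with pi_i(P) = pi_j(P) and |pi_i(P)| = |P| (Definition 8)."""
    found = []
    for P in scheme[s]:
        pr = [frozenset(proj(t, i) for t in P) for i in range(1, s + 1)]
        if any(pr[i] == pr[j] and len(pr[i]) == len(P)
               for i in range(s) for j in range(i + 1, s)):
            found.append(P)
    return found

def lemma10_descent(scheme):
    """Proof of Lemma 10: at each level pick a smallest color whose last two
    projections are the previously chosen color; stop when the subdegree is 1.
    Returns (level of the matching or None, [d_1, d_2, ...])."""
    P_prev = max(scheme[1], key=len)
    degrees = [len(P_prev)]
    for s in range(2, max(scheme) + 1):
        Q = {t for P in scheme[s] for t in P
             if proj(t, s - 1) in P_prev and proj(t, s) in P_prev}
        P_s = min((P for P in scheme[s] if P <= Q), key=len)
        degrees.append(len(P_s) // len(P_prev))
        if degrees[-1] == 1:
            return s, degrees
        P_prev = P_s
    return None, degrees

# Constructed groups on 7 points: C7 (order 7) and the Frobenius group of order 21.
C7 = generate_group([tuple((i + 1) % 7 for i in range(7))])
F21 = generate_group([tuple((i + 1) % 7 for i in range(7)),
                      tuple((2 * i) % 7 for i in range(7))])
```

For $C_7$ every level-2 color has size 7, so the subdegree chain is $7, 1$ and a matching appears at level 2. For the Frobenius group the two level-2 colors have size 21 (subdegree 3, consistent with $\gcd(2!, 21) = 1$ giving antisymmetry at level 2), the ten level-3 colors have size 21 and each is a matching, so the descent returns $7, 3, 1$; the scheme is not antisymmetric at level 3, as $\gcd(3!, 21) \ne 1$ predicts.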

4.1 A Conjecture about Matchings

Here we make a conjecture about the structure of homogeneous, antisymmetric 4-schemes and higher schemes. It might seem a bit unmotivated but we show below, interestingly, that it is true in the case of orbit schemes. Note that orbit schemes are the only (infinite) family of 4-schemes we currently know that are homogeneous and antisymmetric.

Conjecture 11. There exists a constant $m \ge 4$ such that every homogeneous, antisymmetric $m$-scheme contains a matching.

It is clear by Lemma 9 that a proof of this conjecture would result in a deterministic polynomial time algorithm for factoring polynomials over finite fields (under GRH).

We will now show that Conjecture 11 holds, with $m = 4$, for the important example of orbit schemes. It is easy to see that the 2-scheme associated to a permutation group $G$ is antisymmetric if and only if $|G|$ is odd. Assume that $G$ is a nontrivial permutation group of odd order on $V = \{1, \dots, n\}$. Let $H$ be a subgroup minimally containing the stabilizer $G_1$ of $G$. Let $B = \mathrm{Orb}(H, 1)$ be the orbit of 1 under the action of $H$. Then $H$ acts as a primitive permutation group on $B$. Also, by [Ser96], there is a base of size $s \le 3$ of $H$. This is a subset $\{b_1, \dots, b_s\} \subseteq B$ such that $H_{b_1} \cap \dots \cap H_{b_s} = N$, where $N$ is the kernel of the permutation representation of $H$ on $B$. We assume that this base is irredundant, in particular $K = H_{b_1} \cap \dots \cap H_{b_{s-1}} > N$. Since $K_{b_s} = N < K$ there exists $b_{s+1} \in \mathrm{Orb}(K, b_s) \setminus \{b_s\}$. In order to simplify notation, we assume $b_1 = 1, b_2 = 2, \dots, b_{s+1} = s + 1$. The first equality $b_1 = 1$ can be ensured using the transitivity of $H$ on $B$, while the others can be achieved by renumbering $V$. From $G_1 \le H$ we infer that $N = H_1 \cap \dots \cap H_t = G_1 \cap \dots \cap G_t$ holds for every $t \in \{1, \dots, s + 1\}$. Let $P$ be the $G$-orbit of $(1, \dots, s + 1)$. Since $(1, \dots, s - 1, s)$ and $(1, \dots, s - 1, s + 1)$ are in the same orbit, we have $\pi^{s+1}_{s+1}(P) = \pi^{s+1}_s(P)$. Also, since $(1, \dots, s)$ and $(1, \dots, s, s + 1)$ both have stabilizer $N$, the sizes of the orbits of both tuples coincide with $|G : N|$. These properties imply that $P$ is a matching.



5 Factoring polynomials of smooth prime degree 

We saw in Section [3] how to obtain a homogeneous m-scheme on n points from a given polynomial 
of degree n and we also saw in Lemma [5] that a homogeneous S-scheme is an association scheme. 
We now use a recent interesting result of Hanaki and Uno [HU06| about the structure of association 
schemes, on a prime number of points, to factor polynomials when rt is a smooth prime number. 

Theorem 12. If n > 2 is prime, r is the largest prime factor of (n — 1) and f{x) is a degree n poly- 
nomial overWp then we can find a nontrivial factor of f(x) deterministically in time poly (log p, n^) 
under GRH. 

Proof. Wlog we can assume that f{x) has n distinct roots (a^'s) in Fp. From Section [3] we can 
again assume that we have constructed a homogeneous antisymmetric (r + l)-scheme on n points: 
(Pi, . . . , Vr+i)- Now from Lemma[5]we know that (T^i, 7^2) is an antisymmetric association scheme. 
From 'HU06]: 3d\{n — 1), VP £ P2, #-P = dn. If d = 1 then we have matchings in P2 and hence 
by Lemma [5] we can find a nontrivial factor of f{x). 

On the other hand, if $d > 1$ then the colors in $(\mathcal{P}_2, \dots, \mathcal{P}_{r+1})$ naturally induce homogeneous antisymmetric $r$-schemes on $d$ points (for example, restrict the partitions to tuples that have $\alpha_1$ in the first coordinate). As $d$ has a prime divisor which is at most $r$, there do not exist such schemes by Remark 7.

The time complexity follows from our algorithm overview. $\square$

6 Reducing the number of levels in Evdokimov's algorithm 

We saw in Lemma 10 that a homogeneous $m$-scheme on $n$ points that is antisymmetric at level 2 has a matching below the $\lceil \log_2 n \rceil$-th level. Recall from Section 3 that from a polynomial we can construct an $m$-scheme that is antisymmetric at every level $> 1$ and not just at level 2. Are we then guaranteed to get a matching at a level less than $\log n$? We conjecture that there should be a matching at a much smaller level, as intuitively antisymmetricity reduces the subdegrees of the colors, but we could prove only a constant-fraction-of-$\log n$ upper bound on the number of levels. First we prove a lemma:

Lemma 13. Let $\Pi = (\mathcal{P}_1, \dots, \mathcal{P}_4)$ be a homogeneous, antisymmetric 4-scheme on $n > 8$ points. Then there is a color $P \in \mathcal{P}_2$ and its $\pi^3_3$-fiber $Q \in \mathcal{P}_3$ such that $\pi^3_3(Q) = \pi^3_2(Q) = P$ and the subdegree of $Q$ over $P$ is less than $\frac{n}{8}$.

Proof. Clearly, $\mathcal{P}_1$ has just one color, say, $[n]$. If $\mathcal{P}_2$ has more than two colors then by antisymmetry it has at least 4 colors, and hence one of the colors $P \in \mathcal{P}_2$ will have subdegree over $[n]$ less than $\frac{n}{4}$. Again by the antisymmetry, a $\pi^3_3$-fiber $Q \in \mathcal{P}_3$ of $P$ will have subdegree $< \frac{n}{8}$ and $\pi^3_2(Q) = \pi^3_3(Q) = P$.

In the case when $\mathcal{P}_2$ has just two colors, $P$ and its "flipped" color $P^T$, let us define:

$$Q_1 := \{x \in [n] \mid (1,x) \in P\}, \qquad Q_2 := \{x \in [n] \mid (1,x) \in P^T\}.$$



Then obviously $Q_1, Q_2$ are disjoint sets of size $n_1 := \frac{n-1}{2}$ partitioning $\{2, \dots, n\}$. Clearly, the image of the colors in $\mathcal{P}_3$ restricting the first coordinate to $1$ gives us an antisymmetric partition $\Gamma$ of the sets $Q_1^{(2)}$, $Q_1 \times Q_2$, $Q_2 \times Q_1$ and $Q_2^{(2)}$, which is an association scheme on $Q_1$ and $Q_2$. By the antisymmetricity of $\Pi$, the colors corresponding to $Q_2 \times Q_1$ are just the transposes (i.e. swap the two coordinates) of those corresponding to $Q_1 \times Q_2$. Each color in $\Gamma$ can be naturally viewed as an $n_1 \times n_1$ zero/one matrix. For example, a color $R$ corresponding to $Q_1 \times Q_2$ can be represented as a matrix whose rows are indexed by $Q_1$ and whose columns are indexed by $Q_2$ such that: for all $(i,j) \in Q_1 \times Q_2$, $R_{ij} = 1$ if $(i,j) \in R$ and $R_{ij} = 0$ if $(i,j) \notin R$. Interestingly, in the matrix representation the composition property of Lemma 2 simply means that the linear combinations of the identity matrix $I$ and the colors in the partition of $Q_1 \times Q_1$ (or $Q_2 \times Q_2$) by $\Gamma$ form a matrix algebra, say $\mathcal{A}_1$ (or $\mathcal{A}_2$).

If $Q_1^{(2)}$ (or $Q_2^{(2)}$) is partitioned by $\Gamma$ into more than two parts then by antisymmetry there will be $\ge 4$ parts, which means that one of the parts will have subdegree $< \frac{n_1}{4} < \frac{n}{8}$. This gives us a required $\pi^3_3$-fiber $Q \in \mathcal{P}_3$ of a $P \in \mathcal{P}_2$.

So we can assume that $Q_1^{(2)}$ and $Q_2^{(2)}$ are both partitioned into exactly two parts. Say,

• $R$ and $R^T$ are the two matrices representing the partition of $Q_1^{(2)}$ by $\Gamma$.

• $S$ and $S^T$ are the two matrices representing the partition of $Q_2^{(2)}$ by $\Gamma$.

Note that $R + R^T = S + S^T = J - I$, where $I$ is the identity matrix and $J$ is the all-one matrix of suitable dimensions.

What do the partitions of $Q_1 \times Q_2$ look like? Let $U$ be a matrix in the partition of $Q_1 \times Q_2$ by $\Gamma$. If $U = J$ (i.e. $\Gamma$ partitions $Q_1 \times Q_2$ in a trivial way) then by antisymmetricity $\mathcal{P}_3$ has exactly $3! = 6$ colors, each of cardinality $n \cdot \#U = n \cdot n_1^2$. But this is a contradiction, as $6 \cdot n \cdot n_1^2 = \frac{3}{2} n (n-1)^2$ is not $n(n-1)(n-2)$ (equality would require $3(n-1) = 2(n-2)$, i.e. $n = -1$). Thus, $\Gamma$ partitions $Q_1 \times Q_2$ into at least 2 colors. Now since by antisymmetricity the number of colors in $\mathcal{P}_3$ has to be a multiple of 6, we deduce that $\Gamma$ partitions $Q_1 \times Q_2$ into at least 4 colors, say, $\{U_1, \dots, U_4\}$. By the composition property of $\Gamma$, $U_i U_i^T$ is in $\mathcal{A}_1$. In other words, there are positive integers $\alpha, \beta$ such that:

$$U_i U_i^T = \alpha I + \beta (R + R^T) = \beta J + (\alpha - \beta) I.$$

Thus, if $U_i$ is a singular matrix then $U_i U_i^T = \beta J$, implying that $U_i$ has equal rows. We can repeat the same argument with $U_i^T U_i$ (which is in $\mathcal{A}_2$) and deduce that $U_i$ has equal columns. Now a nonzero zero/one matrix $U_i$ can have equal rows and equal columns iff $U_i = J$. This contradiction implies that $U_i$ is an invertible matrix. But then:

$$\{U_1 U_1^T,\; U_1 U_2^T,\; U_1 U_3^T,\; U_1 U_4^T\}$$

is a set of 4 linearly independent matrices in $\mathcal{A}_1$, which contradicts the fact that $\mathcal{A}_1$ is a matrix algebra of dimension 3. This contradiction implies that one of $Q_1^{(2)}$ or $Q_2^{(2)}$ is partitioned into at least four parts.

Thus, in all the cases the lemma is true. $\square$

From the above lemma we see that at 2 levels higher we get a suitable color with subdegree reduced to a fraction of $2^{-3}$. This immediately gives us the following constant-factor improvement to Lemma 10.

Proposition 14. If the $m$-scheme $\Pi := (\mathcal{P}_1, \dots, \mathcal{P}_m)$ on $n$ points is antisymmetric at the first three levels, $|\mathcal{P}_1| < n$ and $m > \frac{2}{3} \log_2 n$, then there is a matching in $(\mathcal{P}_1, \dots, \mathcal{P}_m)$.

7 Primitivity of m-schemes and further research 

A 2-scheme $\Pi = (\mathcal{P}_1, \mathcal{P}_2)$ on $n$ points can be viewed as a complete directed colored graph on $n$ vertices, where the vertices of one color correspond to a $P \in \mathcal{P}_1$ and the edges of one color correspond to a $Q \in \mathcal{P}_2$. If an $m$-scheme comes from a polynomial $f(x)$ over $k$, then we can try to relate graph properties of the $m$-scheme to the algebraic properties of the ideals defining the $m$-scheme. It turns out that such $m$-schemes can be efficiently tested for one such property: connectivity. One can introduce a related notion, primitivity, which is actually an extension of the primitivity of association schemes.
Let $\Pi$ be a homogeneous 2-scheme on the points $[n]$ with $\mathcal{P}_2 = \{P_{2,1}, \dots, P_{2,t_2}\}$. For every index $i \in \{1, \dots, t_2\}$ let $G_{2,i}$ denote the undirected graph on $[n]$ whose edges are the unordered pairs $\{u,v\}$ where either $(u,v) \in P_{2,i}$ or $(v,u) \in P_{2,i}$. We say that $\Pi$ is primitive if all the graphs $G_{2,1}, \dots, G_{2,t_2}$ are connected.

Let $I_{2,i} := I^{(2)}(P_{2,i})$ be the ideal of $\mathcal{A}^{(2)}$ corresponding to $P_{2,i}$. We define a subset $S(I_{2,i})$ of $\mathcal{A}^{(1)}$ whose meaning will become clear later:

$$S(I_{2,i}) := \{\, h \in \mathcal{A}^{(1)} \mid (h \otimes 1 - 1 \otimes h) \in I_{2,i} \,\}.$$

It is easy to see that $k \subseteq S(I_{2,i})$ is a subalgebra of $\mathcal{A}^{(1)}$. The following lemma relates the subalgebras $S(I_{2,i})$ to the notion of primitivity.

Lemma 15. The dimension of the algebra $S(I_{2,i})$ over $k$ is equal to the number of connected components of the graph $G_{2,i}$.

Proof. Let $G_{2,i}$ have $c$ connected components. Observe that $h(x) \in S(I_{2,i})$ iff $(h(x_1) - h(x_2)) \in I_{2,i}$ iff $h(u) = h(v)$ for all $(u,v) \in \mathrm{Supp}(I_{2,i})$. The last condition precisely means that $h(x)$ is constant on the connected components of $G_{2,i}$. It follows that the polynomials $h_j(x)$, for $j \in [c]$, that are $1$ on all the vertices in the $j$-th connected component and $0$ on the rest, form a basis of $S(I_{2,i})$. Thus, the dimension of $S(I_{2,i})$ is $c$. $\square$

The above lemma shows that if for some $i$ the graph $G_{2,i}$ is not connected (say, it has $c$ connected components) then (by solving a system of linear equations) we can compute a nontrivial subalgebra $S(I_{2,i})$ of $\mathcal{A}^{(1)}$. In explicit terms this means that if $\Pi$ was obtained from a polynomial $f(x)$ of degree $n$ then we can compute $g(y)$ of degree $c$ such that $S(I_{2,i}) \cong k[y]/(g(y))$ and:

$$\mathcal{A}^{(1)} = \big(k[y]/(g(y))\big)[x] / (f(y,x))$$

where the $\deg_x$ of $f(y,x)$ is $\frac{n}{c}$. Thus, we get two polynomials $g(y)$ and $f(y,x)$ of degrees $c$ and $\frac{n}{c}$ respectively to factor (the latter over the algebra $S(I_{2,i}) = k[y]/(g(y))$ rather than over the base field $k$). If we succeed in finding a nontrivial factor of either of these polynomials then we can find a zero divisor in $\mathcal{A}^{(1)}$ and then a factor of $f(x)$ therefrom. In particular, if $c < \sqrt{n}$ then it seems to be worth proceeding with factoring $g(y)$.
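The computation behind Lemma 15 and the paragraph above, as an added example that is not part of the paper: a color $P_{2,i}$ is supplied directly as a constructed set of ordered pairs on $[n]$ (nothing here builds $\mathcal{A}^{(2)}$ or the ideals from a polynomial, so the colors are stand-ins for what a real scheme would provide), the graph $G_{2,i}$ is built from it, and $\dim_k S(I_{2,i})$ is computed over $k = \mathbb{Q}$ as the dimension of the solution space of the linear system $h(u) = h(v)$ for $(u,v) \in P_{2,i}$, which is then compared with the number of connected components. Function names and the sample colors are mine.

```python
from fractions import Fraction

# Added example, not from the paper. Colours are constructed sets of ordered
# pairs on [n] = {1, ..., n}; they are not derived from any polynomial here.


def connected_components(n, colour):
    """Connected components of G_{2,i}: vertex set [n], an edge {u, v} whenever
    (u, v) or (v, u) lies in the colour.  Union-find with path halving."""
    parent = list(range(n + 1))

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for u, v in colour:
        parent[find(u)] = find(v)
    comps = {}
    for x in range(1, n + 1):
        comps.setdefault(find(x), []).append(x)
    return sorted(comps.values())


def rank_over_q(rows):
    """Rank of a matrix with Fraction entries, by exact Gaussian elimination."""
    m = [list(r) for r in rows]
    r = 0
    ncols = len(m[0]) if m else 0
    for c in range(ncols):
        piv = next((i for i in range(r, len(m)) if m[i][c] != 0), None)
        if piv is None:
            continue
        m[r], m[piv] = m[piv], m[r]
        p = m[r][c]
        m[r] = [x / p for x in m[r]]
        for i in range(len(m)):
            if i != r and m[i][c] != 0:
                f = m[i][c]
                m[i] = [a - f * b for a, b in zip(m[i], m[r])]
        r += 1
    return r


def dim_S(n, colour):
    """dim_k S(I_{2,i}) for k = Q: one unknown h(x) per point x in [n], and one
    linear equation h(u) - h(v) = 0 per pair (u, v) in the colour.  The
    dimension is the nullity n - rank of the constraint matrix."""
    rows = []
    for u, v in colour:
        row = [Fraction(0)] * n
        row[u - 1] += 1
        row[v - 1] -= 1
        rows.append(row)
    return n - rank_over_q(rows)


def component_basis(n, colour):
    """The basis h_1, ..., h_c of Lemma 15: h_j is 1 on the j-th component and 0 elsewhere."""
    return [[1 if x in comp else 0 for x in range(1, n + 1)]
            for comp in connected_components(n, colour)]


def is_primitive(n, colours):
    """Primitivity of a homogeneous 2-scheme: every graph G_{2,i} is connected."""
    return all(len(connected_components(n, c)) == 1 for c in colours)


# Constructed colours on [6]; neither contains a pair together with its reverse.
TWO_TRIANGLES = [(1, 2), (2, 3), (3, 1), (4, 5), (5, 6), (6, 4)]  # two components
HEXAGON = [(1, 2), (2, 3), (3, 4), (4, 5), (5, 6), (6, 1)]        # connected

if __name__ == "__main__":
    for name, colour in [("two triangles", TWO_TRIANGLES), ("hexagon", HEXAGON)]:
        comps = connected_components(6, colour)
        print(name, "components:", comps, "dim S:", dim_S(6, colour))
        assert len(comps) == dim_S(6, colour)   # Lemma 15 on these inputs
    print("scheme primitive:", is_primitive(6, [TWO_TRIANGLES, HEXAGON]))
```

The linear system is exactly the one the text refers to: for each color, its equations are indexed by the pairs in the color, and a solution space of dimension $c > 1$ is what signals imprimitivity and yields the indicator basis $h_1, \dots, h_c$.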

We can generalize the notion of primitivity to higher levels as well. 

Definition 16. Let $\Gamma = (\mathcal{P}_1, \dots, \mathcal{P}_m)$ be an $m$-scheme. For a $P \in \mathcal{P}_s$ such that $\pi^s_s(P) = \pi^s_{s-1}(P) =: Q \in \mathcal{P}_{s-1}$, we fix $(v_1, \dots, v_{s-2}) \in \pi^{s-1}_{s-1}(Q)$. We define the graph $G(P, v_1, \dots, v_{s-2})$ on the vertex set $\{v \in [n] : (v_1, \dots, v_{s-2}, v) \in Q\}$ with edges $\{u, v\}$ such that either $(v_1, \dots, v_{s-2}, u, v) \in P$ or $(v_1, \dots, v_{s-2}, v, u) \in P$. It turns out that connectedness of $G(P, v_1, \dots, v_{s-2})$ is independent of the choice of the tuple $(v_1, \dots, v_{s-2})$. We say that $\Gamma$ is primitive at level $s$ if for every $P \in \mathcal{P}_s$ with $\pi^s_s(P) = \pi^s_{s-1}(P)$, the graph $G(P, \dots)$ is connected. We say that $\Gamma$ is primitive if it is primitive at all levels $2 \le s \le m$.

Put $I_{s,i} := I^{(s)}(P)$, $I_{s-1,i'} := I^{(s-1)}(Q)$, $I_{s-2,i''} := I^{(s-2)}(\pi^{s-1}_{s-1}(Q))$ and define:

$$S(I_{s,i}) := \{\, h \in I_{s-1,i'} \mid (\iota^s_s(h) - \iota^s_{s-1}(h)) \in I_{s,i} \,\}.$$

One can show that $S(I_{s,i})$ is a subalgebra of $I_{s-1,i'}$ and that the number of connected components of $G(P, \dots)$ is $\frac{\dim_k S(I_{s,i})}{\dim_k I_{s-2,i''}}$. Thus in case of imprimitivity, we can compute a subalgebra "between" $I_{s-2,i''}$ and $I_{s-1,i'}$ by solving a system of linear equations. If

$$1 < \frac{\dim_k S(I_{s,i})}{\dim_k I_{s-2,i''}} < \sqrt{\frac{\dim_k I_{s-1,i'}}{\dim_k I_{s-2,i''}}},$$

it seems to be worth proceeding with decomposing the ideal $I_{s-1,i'}$ by finding a zero divisor in the subalgebra $S(I_{s,i})$.

We feel that primitivity imposes strong conditions on the parameters of an m-scheme but we 
do not know how to exactly use primitivity or imprimitivity and leave that for future research. 